Privacy fears as banks refuse opt out from NFC-enabled cards

A leading security expert has warned that citizens' privacy rights may be in danger thanks to the refusal by most high street banks to allow customers to opt out from near-field communication (NFC) enabled bank cards using RFID technology.

Richard Hollis, a director of the not-for-profit Information Systems Audit and Control Association, argued that the lack of choice is of grave concern.

Hollis explained that he had contacted five of the UK's major banks to ask whether he could choose not to have a card with the technology, but was refused at each bank.

"Out of five banks, not one offered a credit card without an RFID chip. We are on the cusp of losing the option to opt in or opt out [of all services]," he said at the Fine Balance - Location and Cyber Privacy in the Digital Age conference.

This is a clear example of consumer choice being eroded as companies ranging from banks to Google force technology on their users, according to Hollis.

"The industry is not leading on the issue of privacy but just saying 'user beware' and carrying on with its practices, and we are still some way from the tipping point of consumers starting to ask questions about what is actually being done with their data," he added.

Hollis said that his concerns around NFC-enabled bank cards in particular extend to the idea that anyone with an RFID reader in the proximity of a card could read the data it contains for fraudulent purposes or other illegal activity.

However, HSBC told V3 that it will allow customers to choose to not receive a card using the technology when the bank begins issuing them in 2012.

"Across our UK brands (First Direct, M&S Money and HSBC) we don't currently issue NFC-enabled (contactless) cards. We expect to make an announcement regarding issuance of contactless debit cards next year," the firm said.

"As and when we begin issuance, there will be a process for customers who do not want to receive a contactless card."